User Authentication Methods - HP ProCurve 6400cl Series Access Security Manual


Configuring Port-Based and Client-Based Access Control (802.1X)
Overview
Authentication features covered in chapter 4.)
On the 3400cl and 6400cl switches (running software version M.08.6x or greater), port-based access control supporting one authenticated client per port.
Supplicant implementation using CHAP authentication and independent username and password configuration on each port.
Local authentication of 802.1X clients using the switch's local username and password (as an alternative to RADIUS authentication).
On-demand change of a port's configured VLAN membership status to support the current client session.
Session accounting with a RADIUS server, including the accounting update interval.
Use of Show commands to display session counters.
5300xl switches, running software release E.09.xx or greater, support concurrent use of 802.1X port-access and either Web authentication or MAC authentication on the same port.
For unauthenticated clients that do not have the necessary 802.1X supplicant software (or for other reasons related to unauthenticated clients), there is the option to configure an Unauthorized-Client VLAN. This mode allows you to assign unauthenticated clients to an isolated VLAN through which you can provide the necessary supplicant software and/or other services you want to extend to these clients.

User Authentication Methods

802.1X Port-Based Access Control on 3400cl/6400cl Switches, and
5300xl Switches (with Software Release E.08.xx and Earlier).
802.1X port-based access control provides port-level security that allows LAN
access only on ports where an 802.1X-capable client (supplicant) enters an
authorized RADIUS username and password. Because this operation
unblocks the port while an authenticated client session is in progress, using
the switch's port-security feature (chapter 11) is recommended for topologies
where simultaneous, multiple client access is possible (to prevent unauthorized
access by a second client while another, authenticated client is using the
port). For more information, refer to "Option For Authenticator Ports:
Configure Port-Security To Allow Only 802.1X-Authenticated Devices" on
page 10-36.
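
The recommendation above, shown as a configuration sketch: an authenticator port with 802.1X alone, next to the same port with port-security restricting it to the 802.1X-authenticated device. This is an added example, not taken from this page of the manual; the commands follow ProCurve CLI syntax and should be checked against the configuration sections of the manual for your software release, and port 10, the RADIUS address 192.0.2.10 and the key are constructed placeholders.

```text
; Constructed example: port 10, 192.0.2.10 and <shared-secret> are placeholders.

; 802.1X only: after one client authenticates, the port is unblocked, so a
; second device attached to the same port is not challenged separately.
radius-server host 192.0.2.10 key <shared-secret>
aaa authentication port-access eap-radius
aaa port-access authenticator 10
aaa port-access authenticator active

; 802.1X plus port-security: the port accepts traffic only from the device
; that authenticated through 802.1X on this port.
port-security 10 learn-mode port-access
```
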

5300xl Switches (with Software Release E.09.xx or Greater). 802.1X
operation with access control extended to a per-client basis provides
client-level security that allows LAN access to individual 802.1X clients (up to 32 per
